Active Exploitation of GDI Vulnerabilities

US-CERT has seen public reports of an exploit targeting vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable.

Additional information about these vulnerabilities is available in the Vulnerability Notes Database.

US-CERT encourages users to review MS08-021 and apply the patch or workarounds to help mitigate the risks.